Header Only - DO NOT REMOVE - Extreme Networks
Question

AP7632 (firmware 5.9.1.5-001R) a few questions

  • 12 February 2020
  • 15 replies
  • 1531 views

Hello everybody!

I am new to the world of extreme AP`s and i have a few questions :)

I have 3 types of Ap`s- 6521,7622 and 7632. I updated the firmware to  5.9.1.5-001R on all of them.

Also have 2 VC - one 6521 and one 7622.

6521 are wing express and they cant see the 7622 and 7632, which are only WING.

7622 sees only 7622 ap`s.

7632 sees all the AP`s.

1st question - can i make all app`s to be adopted by only 1 VC (for instance the 7622 VC, because its interface is not so difficult to understand).

2nd question - can i make the 7632 VC to adopt all other ap`s, and if it is possible, please tell me how to make a guest wi-fi on 7632.


15 replies

Userlevel 6

The AP65xx APs do not support heterogeneous AP adoption and management. 

See below knowledge Article:

Can a WiNG virtual controller adopt different model (heterogeneous) as well as Express APs?

Userlevel 6

See article  WiNG Internet-Only guest WLAN

Userlevel 6

Hello Ivaylo,

The following link will provide you with the VC adoption hierarchy for heterogeneous APs:

https://extreme-networks--c.na101.visual.force.com/articles/Q_A/Can-a-WiNG-virtual-controller-adopt-different-model-APs?caseid=5002T00001A2zso

Other links in there may be of help to you as well.  

Upon looking at the adoption hierarchy, It does not seem like the AP7622 APs can be adopted by a AP7632 or AP7662. The AP65xx APs cannot be adopted any other model AP.  

In your situation and for ease of management I would recommend looking into using a controller. 

It is not recommended to have more than one virtual controller on the same subnet. Your mint stats may be affected. 

 

I hope this helps,

 

Thank you,

 

Chris

 

Hello again.

I followed the steps in WiNG Internet-Only guest WLAN and created the guest ssid and added it in RADIO 1, but it has no internet, only local connection.

How to enable the internet in the guest wi-fi?

 

I will have two VC, because i have no chice. The 7632 ap will become vc for 7632 and 7622 ap`s.

Userlevel 6

2  things you may want to look at:

 

1 - Add a rule to allow access to the default gateway and place it before the first deny rule

2 - If the DNS server is on the same subnet, move the DNS rule to before the first deny rule. 

 

Test one at a time. 

 

I hope this helps,

 

Chris

Hello!

Can you please tell me how to do it?

Userlevel 6

Let’s say your fist deny rule looks like this:

deny ip any 172.16.16.0/22 rule-precedence 10

The default gateway rule would look like something like this:

permit ip any host 172.16.16.110 rule-precedence 9     (DGW IP is 172.16.16.110)

The DNS rule will look like this:

permit udp any any eq dns rule-precedence 8

 

Thank you,

 

Chris

I`ve tried both, but It is the same again.

my DGW is 10.10.10.1

Any ideas?

Userlevel 6

At this point it may be advisable to contact GTAC and open a support ticket for in depth analysis of issue. 

 

Thank you

Ok, let`s start from the begining.

I reseted all 7632 APs and created SSID for the office.

Now i want to create another SSID for guest users so that they do not have access to the main network (in this case 10.10.10.1 and 10.10.11.1). What steps should i go through to create it?

I am using GUI, the web interface this time.

Userlevel 6

It security is paramount, you should create a VLAN on you network that is specifically tailored for your guest users (segregated from the rest of your corp network). This is done at router/switch level. Then you simply create a WLAN on the AP and map it to this VLAN (make sure that you trunk the ge 1 port and allow all vlans out). No need for ACLs or anything else in this case. 

Second option would be Natting. This way you will have the guest WLAN on its own subnet and natted to the corp network. Here are the instructions: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Natting-on-a-WiNG-Express-Virtual-controller

Third option would  be to have the guests and corp users on the same network but use an ACL to route traffic on the guest side to the internet. This is the least secure and should be a last resort. 

This is very usefull, but in ap7632 it is a bit more different.

Can you tell me where to find the steps to create NAT in ap7632?

Thank you in advance.

 

I am using WING v5.9, and the firmware is updated to 5.9.3.1-005R

Userlevel 6

This may help!

 

Thank you,

 

Chris

Hello again!

I am doing exact what is shown in the doc, but still i don`t have internet.

HELP :)

Hello again!

I have another question

all app`s are online (7632), but when i log in to the VC i see this (see attached file).

I log in to every single ap, and uncheck that it is a VC, but this doesn`t help. How can i do it correct?

Reply